About Sonatype

The leader in software supply chain management.

Sonatype has a long history of accelerating open source usage. As the stewards of the Central Repository, the creators of the Apache Maven project and the distributors of the Nexus open source repository manager, Sonatype has supported the adoption of open source by more than 10 million developers worldwide.

Today, Nexus repository managers are preferred 5:1 over all other brands with more than 50,000 instances worldwide. Nexus Lifecycle (formerly Component Lifecycle Management) has fast become the “go-to” choice for mitigating open source risk by providing continuous governance across the software supply chain.

100% of the top credit card companies, 80% of the top financial companies and 75% of the top IT manufacturers are Sonatype customers.

Deliver better software, even faster.

Much like a traditional “supply chain” is used to manufacture products, today’s software is built with a supply chain of components from all over the globe, most of which are open source. The challenge is knowing which components you are using, where they are used and which ones have security vulnerabilities, license or quality issues.

Sonatype delivers a patented method for providing accurate, real-time data on component vulnerabilities, which is then integrated into the tools development professionals use every day. By seeing clearly and acting quickly, teams easily avoid open source risk across the entire software lifecycle with comparatively low cost and effort. Crisp, clean dashboard views satisfy the varied needs of application developers, architects and DevOps as well as security and legal staff.

The urgent need for software supply chain management and the value that Sonatype provides have been recognized by influential media such as The Wall Street Journal, Forbes, and The New York Times as well as industry publications including CIO, CSO, Wired, and TechCrunch.

Nexus Lifecycle and Nexus Auditor provide a new way to identify, manage and monitor every component and its dependencies throughout the software lifecycle. These solutions enable organizations to realize the promise of agile, component-based software development while avoiding security, quality and licensing risks.